Ralf Hauser wrote:
Hi,

If I do still have the public key and private key, I hope I still can use openssl to decrypt a message even if I lost the certificate originally used to encrypt to. Unfortunately, my attempts fail so far:

    openssl smime -decrypt -in encrypted.eml -recip privKeyAndPubkeyInOtherCert.pem
    Enter pass phrase for privKeyAndPubkeyInOtherCert.pem:
    Error decrypting PKCS#7 structure
    2116:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient matches certificate:pk7_doit.c:430:
    2116:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:pk7_smime.c:451:

If I just take the private key, it gets worse:

    openssl smime -decrypt -in encrypted.eml -recip privKeyOnly.pem
    unable to load certificate
    2504:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE

I guess it is partially explained why this happens (issuer-name, certificate-id pair) in http://marc.theaimsgroup.com/?l=openssl-users&m=110056304510836&w=2

Is there a way to decrypt that eml with openssl anyway short of Derek's ugly hack where he rebuilds a cert with same certificate-id/Issuer from the public key? Kind-of "force openssl to use a decryption key irrespective of all other rules it normally implements ..."?

Many thanks for any hints in advance!

Ralf

I'm pretty sure that you won't be able to do this using openssl smime... On the other hand it should be possible to create a hacked openssl smime which ignores certificates and tries to decode the message with a hardcoded private key. But I don't know how much work this will be... :-/

Hope this helps

Ted ;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
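
The situation discussed in this thread, reproduced as an added example that is not part of the original posts: one RSA key with two certificates, a message encrypted to the first, then decryption attempted with the second certificate and with the key alone. It assumes a current OpenSSL release, in which `smime -decrypt` accepts `-inkey` without `-recip`; the release used in the thread may behave differently. All file names, subjects and the message are constructed.

```shell
#!/bin/sh
# Added example: key, certificates and message are all constructed here.

# setup DIR: one RSA key, two self-signed certificates over that same key.
# orig.pem plays the lost certificate, other.pem the one still on disk.
setup() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/key.pem" \
        -out "$1/orig.pem" -subj "/CN=orig.example" -days 1 2>/dev/null || return 1
    openssl req -x509 -new -key "$1/key.pem" \
        -out "$1/other.pem" -subj "/CN=other.example" -days 1 2>/dev/null || return 1
    printf 'constructed test message\n' > "$1/plain.txt"
    # The message is addressed to orig.pem by issuer name and serial number.
    openssl smime -encrypt -binary -aes256 -in "$1/plain.txt" \
        -out "$1/encrypted.eml" "$1/orig.pem"
}

# show_recipients DIR: dump the PKCS#7 structure, including each recipient's
# issuer and serial, for comparison with a candidate certificate.
show_recipients() {
    openssl smime -pk7out -in "$1/encrypted.eml" | openssl pkcs7 -print -noout
}

# decrypt_with_cert DIR: the attempt from the thread. other.pem holds the right
# public key but a different issuer/serial, so no RecipientInfo matches it.
decrypt_with_cert() {
    openssl smime -decrypt -in "$1/encrypted.eml" \
        -recip "$1/other.pem" -inkey "$1/key.pem" 2>&1
}

# decrypt_with_key DIR: no -recip, so the key is tried against each RecipientInfo.
decrypt_with_key() {
    openssl smime -decrypt -in "$1/encrypted.eml" -inkey "$1/key.pem"
}

demo() {
    dir=$(mktemp -d) || return 1
    setup "$dir" || { rm -rf "$dir"; return 1; }
    openssl x509 -in "$dir/other.pem" -noout -issuer -serial
    show_recipients "$dir"
    decrypt_with_cert "$dir"
    decrypt_with_key "$dir"
    rm -rf "$dir"
}
demo
```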